rabobank-cdc/DeTTECT

Inconsistency in generation of technique administration files

SanWieb opened this issue · 2 comments

Hi,

There is a small inconsistency in the generation of the technique administration files.

The command python dettect.py ds -fd sample-data/data-sources-endpoints.yaml -y will generate an administration file without a '-' before the applicable_to key. Like this:

  - technique_id: T1001.001
    technique_name: Junk Data
    detection:
      applicable_to:
      - all
      location:
      - ''
      comment: ''
      score_logbook:
      - date: 
        score: -1
        comment: ''

However, in the example there is a '-' before applicable_to, and the output of the DeTT&CT editor also contains the '-'.
A YAML exception (duplicated mapping key) occurs if you add another applicable_to block without '-'.

Hi Sander,

Thanks for indicating. We will however not fix this issue for the following reasons:

  • Our advice would be to edit a technique administration file through the Editor and not directly by changing the YAML file's content. The reason being that it's pretty error-prone doing it in that way. There are of course exceptions, like replacing specific values all at once in the YAML file or some automation you're using to make changes to the content.
  • The Editor and CLI will handle these kinds of technique objects without any issue.
  • It's by design. Not having this in a list by default (using '-') does not make it an incompatible YAML file.

Regards,
Marcus
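An added example (not part of the thread and not DeTT&CT's own code) for the automation case mentioned above: it works on the already-parsed technique object, accepts `detection` in either the mapping form the CLI writes or the list form the Editor writes, and always appends a further block in list form so no duplicate `applicable_to` key can arise. The function names, the "servers" value and the overlap check are assumptions made for this example.

```python
import copy


def as_block_list(value):
    """Return detection blocks as a list, whichever form the file used."""
    if value is None:
        return []
    if isinstance(value, dict):   # CLI output: a single mapping, no '-'
        return [value]
    if isinstance(value, list):   # Editor output: a list of mappings
        return value
    raise TypeError(f"unexpected detection type: {type(value).__name__}")


def add_detection_block(technique, applicable_to, location=None):
    """Return a copy of `technique` with one more detection block (list form)."""
    tech = copy.deepcopy(technique)          # leave the caller's object untouched
    blocks = as_block_list(tech.get("detection"))
    wanted = set(applicable_to)
    for block in blocks:
        # Choice made for this example: refuse a second block for the same system.
        overlap = wanted & set(block.get("applicable_to", []))
        if overlap:
            raise ValueError(f"already covered: {sorted(overlap)}")
    blocks.append({
        "applicable_to": list(applicable_to),
        "location": list(location or [""]),
        "comment": "",
        "score_logbook": [{"date": None, "score": -1, "comment": ""}],
    })
    tech["detection"] = blocks               # always written back as a list
    return tech


# Constructed sample: the parsed form of the CLI output quoted in the issue.
CLI_TECHNIQUE = {
    "technique_id": "T1001.001",
    "technique_name": "Junk Data",
    "detection": {
        "applicable_to": ["all"],
        "location": [""],
        "comment": "",
        "score_logbook": [{"date": None, "score": -1, "comment": ""}],
    },
}

if __name__ == "__main__":
    updated = add_detection_block(CLI_TECHNIQUE, ["servers"])
    print([b["applicable_to"] for b in updated["detection"]])
```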

Hi Marcus,

Thanks for the quick response! I understand the consideration